CFTC Charges CME Over Client Data Breaches

The top derivatives regulator sought to fine CME Group and ban two former employees for life for leaking client data.

WASHINGTON -- The top U.S. derivatives
regulator on Thursday sought to fine the CME Group Inc
and ban two former employees for life for leaking client data in
a crackdown on the world's largest futures exchange.

The pair - William Byrnes and Christopher Curtin - had
disclosed information about trading and customers to a commodity
broker on frequent occasions over a period of 2-1/2 years, the
Commodity Futures Trading Commission (CFTC) said. In its civil complaint filed in the Southern District of New
York, the CFTC charged their former employer, the CME's energy
platform NYMEX. It quoted a CME official as agreeing that the
breach had been "a humongous deal".

"Maintaining the confidentiality of the type of non-public
information that Byrnes and Curtin disclosed is the "lifeblood"
of an Exchange such as CME NYMEX," the CFTC's complaint quoted a
senior official at NYMEX as saying.

Curtin and Byrnes - who at one point was put in charge of
training employees on confidentiality policies - had given a
broker access to details of trades, the identity of the parties
and prices paid, the CFTC said. The charge is all the more striking because the CME itself
is an important supervisor in the U.S. self-regulatory system.
It had come under scrutiny in the past 18 months because it was
a primary regulator of futures brokerage MF Global, which
collapsed in late 2011.

The CFTC oversees both the futures and the swaps markets at
arm's length and its chairman, Gary Gensler, has said the system
of self-regulation is not strong enough.

The CME said that it had terminated the employees when it
learned of the breaches of procedure, and that the leaks were
not used - and could not have been used - for insider trading,
and no customer suffered a financial loss.

"The CFTC court action announced today is disappointing
because it relates to incidents that CME Group has
already addressed and handled appropriately," the CME said. It said the CFTC was seeking fines against NYMEX only
because of the former employees' improper activities.

BRING YOUR CELL PHONE

Historically, U.S. market regulators have not aggressively
pursued enforcement actions against exchanges. But in recent
years, they have begun to crack down harder.

"Those who run exchanges and profit from trading need to be
responsible custodians of information and their employees'
actions related to sensitive data," CFTC Commissioner Bart
Chilton said in an emailed statement.

The CME had reviewed Byrnes's phone calls and emails from
just one day after someone complained because he thought that
someone called "Billy" - Byrnes's nick-name - had disclosed
secret information to others. But the CME did not question Byrnes, who then continued the
leaks until there was a second complaint from a market party,
and Byrnes was fired. The CME had in the meantime promoted him
to teach employees on confidentiality policies.

The broker - identified only as "broker X" - treated Byrnes
to meals, drinks and entertainment on multiple occasions,
speaking to him only on his mobile phone.

"Bring your cell phone tomorrow. We missed out on some
massive trades on Friday and some stuff happened today ...
Bring your phone tomorrow we definitely want to know," Broker X
was quoted as saying in the complaint.

Christopher Curtin, one of the two employees named in the
CFTC enforcement action now works for ELX Futures, LP, a New
York-based electronic futures exchange formed by a group of
banks, brokers and trading firms in 2007. When reached by telephone, he identified himself as the
person in the CFTC complaint, but declined to comment. Attempts
to reach Byrnes, whose LinkedIn profile has not been updated
since he left NYMEX, were not immediately successful.